3 matches found
org.jenkins-ci.plugins:dependency-check-jenkins-plugin (>=3.3.4 <=4.0.2) potentially affected by CVE-2021-21632 via org.jenkins-ci.plugins:dependency-track (=1.1.1)
org.jenkins-ci.plugins:dependency-track MAVEN version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:dependency-track and may be impacted: - org.jenkins-ci.plugins:dependency-check-jenkins-plugin =3.3.4, =4.0.2 Source cve...
CVE-2021-21632
A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...
CVE-2021-21632
The CVE-2021-21632 issue affects Jenkins OWASP Dependency-Track Plugin (3.1.0 and earlier). The root cause is missing permission checks in several HTTP endpoints, allowing attackers with Overall/Read to connect to an attacker-specified URL and capture credentials stored in Jenkins (including Secr...